<?php

/**
 * @name LoginController
 * @desc Login
 */
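class LoginController extends AdminController
{
    /**
     * Handle the admin login form.
     *
     * On POST: looks up the account by username, verifies the salted password
     * hash, checks that the account is enabled (status 1), verifies the TOTP
     * code when the account has a Google secret bound, then stores the login
     * state and answers with the user's rights. Non-POST requests fall through
     * without producing a result.
     *
     * Every $this->result() call is followed by an explicit return, so a failed
     * check can never fall through to a later step. The original code relied on
     * result() terminating the request, which is not visible from this file.
     *
     * NOTE(review): no attempt throttling or lockout is visible in this action.
     * Confirm that it is enforced elsewhere (base controller, WAF, gateway).
     * NOTE(review): failed attempts are not written to the operation log here,
     * so they may not be available for detection; verify where they are recorded.
     */
    public function indexAction()
    {
        if (!$this->ispost) {
            return;
        }

        // Read the submitted credentials.
        $username = $this->post('username');
        $password = $this->post('password');
        $vercode = $this->post('vercode');

        // Reject non-scalar input (e.g. username[]=...) before it reaches the
        // query builder or the hash function; treat it as a normal failure so
        // the response does not differ from a wrong password.
        if (!is_scalar($username) || !is_scalar($password)) {
            $this->result('账户或密码错误');
            return;
        }
        $username = (string) $username;
        $password = (string) $password;
        if (!is_scalar($vercode)) {
            $vercode = '';
        }

        $user = AdminUsersModel::where('username', $username)->find();
        if (!$user) {
            // Same message as a wrong password, so usernames cannot be enumerated.
            $this->result('账户或密码错误');
            return;
        }

        // Constant-time, type-safe comparison. The previous loose `==` compared
        // numeric-looking strings (such as "0e..." digests) as numbers and
        // leaked timing information.
        $expectedHash = (string) $user->password;
        $suppliedHash = (string) AdminUsersModel::hash_password($password, $user->salt);
        if (!hash_equals($expectedHash, $suppliedHash)) {
            $this->result('账户或密码错误');
            return;
        }

        // The locked-account message is only shown after a correct password.
        if ($user->status != 1) {
            $this->result('您的账户被锁定');
            return;
        }

        // Second factor: enforced only for accounts with a bound Google secret.
        if ($user->google_secret && !Google2FA::verify($user->google_secret, $vercode)) {
            $this->result('验证码错误');
            return;
        }

        // Persist the login state.
        // NOTE(review): confirm that saveLoginStatus() rotates the session
        // identifier; no regeneration is visible in this controller.
        $userLoginStatus = AdminUsersModel::saveLoginStatus($user);
        if ($userLoginStatus['status'] == true) {
            // Write the audit log entry, then answer with the user's rights.
            $this->isLogin();
            $this->operation_log('后台登陆');
            $this->result('登录成功', 0, ['rights' => AdminRightsModel::get_user_rights()]);
            return;
        }

        $this->result('登陆失败');
    }

    /**
     * Log out: remove the authenticated-admin entry from the session.
     *
     * NOTE(review): only the 'auth_manager_user' key is removed; the session
     * itself is neither destroyed nor rotated here. Confirm that is intended.
     */
    public function outAction()
    {
        // Audit logging of logouts is currently disabled:
        // $this->operation_log('后台退出');
        $this->session->del('auth_manager_user');
        $this->result('ok', 0);
    }
}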